Linux Kernels, Security, & the CVE-2016-0728 Bug. The Role of Managed WordPress

When you think of your server’s security you probably think: ‘Is my site up to date?’, ‘Am I using any outdated plugins?’, or ‘Is my SSL certificate still valid?’. You’re probably not too concerned with your server’s kernel version or Operating System’s version. However, when it comes to vulnerabilities discovered in either one, it’s not safe to use an outdated kernel or operating system. Unfortunately, updating means rebooting the server – which means downtime for your clients’ WordPress sites. CVE-2016-0728 is an example of a vulnerability that could have caused your server — and your clients’ WordPress sites — to be compromised. However, if you have Managed WordPress Hosting, you can rest assured that everything will be secure – without the pain of downtime.

CVE-2016-0728: Exposing All of Your Clients to Hackers

The CVE-2016-0728 vulnerability, discovered in January 2016, could have allowed hackers to gain elevated privileges on any server running the vulnerable kernel versions. This is concerning because a single compromised site on your server could allow an opening for a malicious user to exploit this vulnerability and take over – exposing all of your client sites.

In addition, if that happened, you would not only have a single website that’s compromised, but also a fully rooted server. Instead of working to replace a single hacked site, you’d have needed to secure the full server. In that case you could have either tried to recover the server or build a new one. Both options are time consuming and difficult. It’s much better to protect your server from being hacked altogether – and in this case, you’d need to update the kernel.

Uptime Funk: To Reboot or Not To Reboot?

Updating the kernel is the best way to keep your server secure, but there are potential pitfalls. You could update the server with the new patch, but that means rebooting the server and dealing with downtime. Not to mention, kernel updates are often released multiple times a week. Do you really want to sign your clients up for consistent downtime? Alternatively, you could not apply the update – leaving potentially huge security risks unpatched. (Hint: We don’t recommend that last option.)

Luckily, there is a third option; one that allows you to stay secure and keep your sites and server online. It’s called ‘kernel hot patching’, or KernelCare. A relatively new concept, kernel hot patching was introduced in 2014 and goes by many names, but the concept is the same all around: swap the outdated functions with the patched versions without anyone noticing. Much like Indiana Jones swapped the golden idol for a bag of sand, the swap is done quickly and efficiently – but we avoid the boulder of downtime.

No Compromises: Uptime, Peace of Mind, & Secure Servers

Luckily for Liquid Web’s managed hosting customers (like our Managed WordPress customers) we are able to utilize KernelCare to hot patch the server’s kernel, protecting our customers and saving them from downtime. With this feature, you don’t need to have weekly scheduled reboots for kernel updates and still keep your client sites secure.

This kind of proactive security update is included with all of our Managed WordPress plans, as well as any other Fully (or Core) Managed plan. Because of our Heroic Support®, our customers were protected from CVE-2016-0728 without having to lift a finger! Never make the compromise between uptime, security, and peace of mind again – make sure your customers are protected with our industry-leading 24/7/365 Heroic Support.

Dan Pock does Technical Writing & Marketing at Liquid Web with a background in System Administration, Public Relations, and Customer Service. His favorite things include: his cats, Oscar Boots and Dash Nouget; experimenting with PHP; and making up recipes (or at least attempting to). You can find his coding hijinks on GitHub, where he shares most of his projects and open source work.